PT-2019-11216 · Sap · Sap S4Core+1
Published
2019-05-14
·
Updated
2020-08-24
·
CVE-2019-0280
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
SAP Treasury and Risk Management versions 6.0 through 6.06, 6.16 through 6.18, and 8.0
SAP S4CORE versions 1.01 through 1.03
Description:
The issue results from a lack of necessary authorization checks for authorization objects
T DEAL DP and T DEAL PD, leading to escalation of privileges.Recommendations:
For SAP Treasury and Risk Management versions 6.0 through 6.06, 6.16 through 6.18, and 8.0, ensure proper authorization checks are implemented for
T DEAL DP and T DEAL PD objects.
For SAP S4CORE versions 1.01 through 1.03, implement necessary authorization checks for T DEAL DP and T DEAL PD objects to prevent privilege escalation.Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap S4Core
Sap Treasury/Risk Management